Splunk is search software that indexes and links together ALL the IT data generated by ANY system, application or device, making it possible to search and navigate your running IT infrastructure. Is it possible to get an ebuild for this app? I'm willing to help in any fashion. Thanks.
No progress here for 1 year; closing WONTFIX. Feel free to reopen with an ebuild.
Created attachment 119923
Splunk 2.2.3-18173 ebuild

My first ebuild so it is not the cleanest. The LICENSE type needs to be changed and the whole thing could probably be made a little cleaner. Overall though it lets you install\uninstall Splunk. Includes a basic init script too.
*** Bug 181013 has been marked as a duplicate of this bug. ***
Reopen.
No login required download link: wget 'http://www.splunk.com/index.php/download_track?file=3.2.2/linux/splunk-3.2.2-34603-Linux-i686.tgz&ac=&wget=true&name=wget&typed=releases'
Created attachment 181030
Revised ebuild

I've created a revised version of this ebuild that addresses some of the feedback received in the forums on the original ebuild provided. Plus, it uses the most recently available version of splunk. There are still several limitations/problems with this ebuild, most notable is that it installs copies of python, bzip, etc. into /opt/splunk/bin instead of using system ones. Not sure of the best way to handle this. However, this ebuild works great for me.
Created attachment 181032
Suggested inputs.conf config file

This is the config file I use to provide a built-in monitoring of /var/log out of the box once installed. The only change required is to set the hostname of the logserver machine (replace FIXME with your hostname). This is just used in cases where splunk can't parse the hostname from the logfile.
Created attachment 181034
Suggested props.conf file

This file should be dropped into the files directory for the ebuild to provide a basic props setup. I wrote this file to deal with splunk's inability to correctly parse out the hostnames in my situation with many hosts sending their logs to one central logserver. Customize or remove to taste...
(In reply to comment #7)
> Created an attachment (id=181032)
> Suggested inputs.conf config file
>
> This is the config file I use to provide a built-in monitoring of /var/log out
> of the box once installed. The only change required is to set the hostname of
> the logserver machine (replace FIXME with your hostname). This is just used in
> cases where splunk can't parse the hostname from the logfile.
>

This file should also be placed in the 'files' directory for the ebuild to install this default configuration.
What about the init script, have you done that already? The ebuild does not work as is without it.
Never mind, sorry. I obviously had not even extracted it and read the README in /etc/init.d, but the fact remains the ebuild should be noted accordingly.
(In reply to comment #10)
> what about the init script have you done that already? The ebuild does not work
> as is without it..
>

init script should be pretty simple, e.g.:

    #!/sbin/runscript

    depend() {
        after logger
    }

    start() {
        ebegin "Starting Splunk"
        /opt/splunk/bin/splunk start
        eend $?
    }

    stop() {
        ebegin "Stopping Splunk"
        /opt/splunk/bin/splunk stop
        eend $?
    }

    status() {
        /opt/splunk/bin/splunk status
        eend $?
    }
Splunk is now at 4.1. I'd love to see this bug get some attention.
Created attachment 231213
Ebuild for Splunk 4.1.2-79191

Here's a slightly revised ebuild for Splunk 4.1.

- Handles 32bit and 64bit architectures more cleanly.
- Doesn't use the custom config files, just due to taste.
- Same basic init script as noted by Marshall.
- Requires a corresponding license file from the package.

Working fine on a number of machines here. Feedback would be good.
Guys, the netmon team is understaffed at the moment, so I suggest you submit the ebuild to the sunrise overlay: http://overlays.gentoo.org/proj/sunrise/

Dan, some comments on the ebuild:

1. Please move 79191 into PV. Just name the ebuild splunk-4.1.2.79191.ebuild and use versionator.eclass (or bash variable substitutions) to get 79191.

2. The following code:

    # Adjust permissions on executables
    cd "${D}/opt/${PN}/bin"
    for b in `ls .`; do
        fperms 755 "${b}" || die "fperms failed on ${b}"
    done

is much better substituted with find:

    find "${D}/opt/${PN}/bin" -print0 | xargs -0 fperms 755

3. Does /opt/${PN}/bin/splunk start --accept-license require user intervention? Is it possible to avoid running this command?
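The PV split suggested in point 1, using plain shell parameter expansion, as an added example that is not part of the comment above or of any attached ebuild. The function names are hypothetical, the tarball pattern follows the file names quoted in this bug, and the x86_64 suffix is an assumption.

```shell
# Added example: derive the upstream tarball name from a Gentoo-style PV
# such as 4.1.2.79191 (release 4.1.2, build 79191).
# Function names are hypothetical; this runs outside portage.

# split_pv PV -> prints "<release> <build>"; fails on malformed input
split_pv() {
    pv=$1
    case $pv in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # only digits separated by single dots
        *.*.*) ;;                             # release (x.y or longer) plus build
        *) return 1 ;;
    esac
    # The last dot-separated component is the build number.
    printf '%s %s\n' "${pv%.*}" "${pv##*.}"
}

# tarball_name PV ARCH -> prints the distfile name for a Gentoo ARCH keyword
tarball_name() {
    parts=$(split_pv "$1") || return 1
    release=${parts% *}
    build=${parts#* }
    case $2 in
        x86)   suffix=i686 ;;     # matches the file names quoted in this bug
        amd64) suffix=x86_64 ;;   # assumed suffix for the 64-bit tarball
        *) return 1 ;;            # refuse to guess for other architectures
    esac
    printf 'splunk-%s-%s-Linux-%s.tgz\n' "$release" "$build" "$suffix"
}

tarball_name 4.1.2.79191 x86
```

Rejecting anything other than dotted digits keeps a malformed version string from ending up in a download URL or file path.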
*** Bug 331007 has been marked as a duplicate of this bug. ***
Created attachment 274171
splunk-4.2.1.98164.ebuild

I updated the ebuild for my own purposes, decided to pass it along.

Notes:

1. In my overlay, this is in the app-admin category, where I believe it should belong as this application does not do any kind of passive network monitoring.
2. The ebuild has the possibility of blocking in pkg_postinst if there previously existed another installation of splunk; this could be fixed by piping yes to the splunk start command.
3. I have not included any default configuration files.
Anyone done anything with the later releases? Latest currently seems to be splunk-4.2.3-105575-Linux-i686.tgz.